Bradley W. Langhorst
2002-Oct-07 22:17 UTC
[Samba] changing smb passwords from non smb machines
In the interest of not having password divergence between NT and unix I've got everything authenticating against and ldap database. samba password updates are not a problem - i just use the unix password syncing features. however the other direction is proving to be a problem. I can rig pam to update both passwords with pam_ldap and pam_smbpass on machines that run samba. On some machines I don't want to run samba but i still want to provide passwd updates. I've considered and rejected pam_smb and pam_ntdom since they don't seem to have the password updating features (just auth features). I'd rather have the samba stuff updated by an exop on the ldap server but i don't think that is possible since the ldap server would have to know how to generate NT and LM hashes Is there anybody else in the same situation - how do you handle this? thanks! brad
Andrew Bartlett
2002-Oct-12 00:49 UTC
[Samba] changing smb passwords from non smb machines
"Bradley W. Langhorst" wrote:> > In the interest of not having password divergence between NT and unix > I've got everything authenticating against and ldap database. > > samba password updates are not a problem - i just > use the unix password syncing features. > > however the other direction is proving to be a problem. > I can rig pam to update both passwords with pam_ldap and pam_smbpass > on machines that run samba. On some machines I don't want to run samba > but i still want to provide passwd updates. > > I've considered and rejected pam_smb and pam_ntdom > since they don't seem to have the password updating features (just auth > features).pam_winbind does password changes.> I'd rather have the samba stuff updated by an exop on the ldap server > but i don't think that is possible since the ldap server would have to > know how to generate NT and LM hashesIf you are into this kind of thing, I think it would be very nice. I've recectly added the support to pdb_ldap to call such a routine - which would allow Samba to do only one password set, allowing the ldap server to deal with the rest. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net